From cc9e38f58b5909617b3fc41856ff8feda59622d2 Mon Sep 17 00:00:00 2001
From: Florian Wilkens <florian.wilkens@uni-hamburg.de>
Date: Fri, 5 Nov 2021 15:57:43 +0100
Subject: [PATCH] add missing call to EVP_KDF_CTX_set_params

---
 src/analyzer/protocol/ssl/SSL.cc | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/src/analyzer/protocol/ssl/SSL.cc b/src/analyzer/protocol/ssl/SSL.cc
index 3ab7d63416..cee214fe8f 100644
--- a/src/analyzer/protocol/ssl/SSL.cc
+++ b/src/analyzer/protocol/ssl/SSL.cc
@@ -168,7 +168,7 @@ bool SSL_Analyzer::TLS12_PRF(const std::string& secret, const std::string& label
 #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
 	// alloc context + params
 	EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL);
-	EVP_KDF_CTX *pctx = EVP_KDF_CTX_new(kdf);
+	EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
 	OSSL_PARAM params[4], *p = params;
 	EVP_KDF_free(kdf);
 #else /* OSSL 3 */
@@ -193,14 +193,23 @@ bool SSL_Analyzer::TLS12_PRF(const std::string& secret, const std::string& label
 	*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, (void*)seed.data(), seed.size());
 	*p = OSSL_PARAM_construct_end();
 
+	// set OSSL params
+	if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
+		goto abort;
 	// derive key material
-	bool result = EVP_KDF_derive(pctx, out, out_len, params) <= 0;
-	EVP_KDF_CTX_free(pctx);
-	return result;
+	if (EVP_KDF_derive(kctx, out, out_len, NULL) <= 0)
+		goto abort;
+
+	EVP_KDF_CTX_free(kctx);
+	return true;
+
+abort:
+	EVP_KDF_CTX_free(kctx);
+	return false;
 #else /* OSSL 3 */
 	if (EVP_PKEY_derive_init(pctx) <= 0)
 		goto abort; /* Error */
-	// setup OSSL_PARAM array: digest, secret, seed
+	// setup PKEY params: digest, secret, seed
 	// FIXME: sha384 should not be hardcoded
 	if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha384()) <= 0)
 		goto abort; /* Error */